SQL Injection Vulnerability in ZZCMS 2023 Affects Keyword Filtering Component
CVE-2024-11242

7.2 HIGH

Key Information:

Vendor: ZZCMS

Status
Vendor
CVE Published: 15 November 2024

Badges

👾 Exploit Exists

What is CVE-2024-11242?

A serious SQL injection vulnerability has been identified in ZZCMS 2023, in the file /admin/ad_list.php?action=pass of the Keyword Filtering component. The flaw arises from improper handling of user input in the 'keyword' parameter, which allows an attacker to execute arbitrary SQL commands against the underlying database. The vulnerability can be exploited remotely and poses a significant risk to the integrity and confidentiality of the data managed by the affected application. Users of ZZCMS 2023 should apply the necessary patches and monitor for suspicious activity that could indicate exploitation.

Affected Version(s)

ZZCMS 2023

CVSS V3.1

Score: 7.2
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • 👾 Exploit known to exist
  • Vulnerability published
  • Vulnerability Reserved

Credit

NLow6jRm5wxb3RNyziGE (VulDB User)